DRP BCP For Risk Management

Disaster Recovery & Business Continuity
By Kavinga Yapa Abeywardena
Sri Lanka Institute of Information Technology (SLIIT)
Background
• Information systems are vulnerable to a variety of disruptions.
• Mild: temporary power outages, disk failures, etc.
• Severe: equipment destruction, fire, natural disasters, etc.
• Organizations must be able to withstand such hazards and still achieve their business objectives through both gradual and sudden changes.
• The focus is on the 'Availability' component of the CIA triad (Confidentiality, Integrity, Availability).
• We achieve this through 'Disaster Recovery Planning' and 'Business Continuity Planning'.
Definitions
• Disaster Recovery Planning (DR)
• The process of rebuilding your operations or infrastructure after the disaster has passed.
• Business Continuity Planning (BC)
• The activities required to keep your organization running during a period of displacement or interruption of normal operations.
• In short: BC keeps the business operating through the disruption; DR restores the original systems afterwards. The two plans must be consistent with each other.
NIST SP 800-34 (Contingency Planning Guide for Federal Information Systems) provides guidelines for implementing DR & BC strategies.

More than half of small to medium-sized enterprises affected by 9/11 did not trade again!
Business Continuity: Why?
• Advances in IT mean that businesses nowadays depend heavily on information systems.
• Many businesses cannot survive without 24 x 7 operation of their IS (e.g. e-commerce).
• Therefore traditional disaster recovery plans, which focus on restoring a centralized data & operations center, may not be sufficient: restoring the data center days later is too late if the business cannot operate in the meantime.
• A more comprehensive and robust Business Continuity Plan is needed for critical IS.
Business Continuity: When?
• A business continuity plan should exist for the following disruptions or disasters:
• Equipment failure
• Disruption of power supply or telecommunications
• Application failure or database corruption
• Human error, sabotage, vandalism & strikes
• Malicious software attack (viruses, worms, Trojan horses)
• Hacking or any other Internet attack
• Social unrest or terrorism
• Fire
• Natural disasters (flood, earthquake, hurricanes, etc.)
Business Continuity Planning: Team
• Information systems have shifted from the traditional centralized architecture to distributed and client/server architectures.
• The IT department alone cannot make BCP succeed.
• All executives, managers and employees must participate.
• A BC/DR Coordinator is responsible for maintaining the BCP.
• He or she carries out periodic reviews and redistributes the relevant parts of the document to the parties concerned.
Business Continuity Plan
There are different methods by which an organization can achieve BC, listed here from least to most capable:

• Cold Site: An empty facility located offsite with the required infrastructure (space, power, cabling) ready for equipment to be installed in the event of a disaster. Hardware, software and data all have to be brought in before operations can resume.
• Mutual Backup: Two organizations with similar system configurations agreeing to serve as backup site for each other.
• Warm Site: A partially equipped site with some hardware and network connectivity in place; systems and data must still be restored before it can take over.
• Hot Site: A site with hardware, software & network already installed and compatible with the original site; only the latest data needs to be restored.
• Remote Journaling: Online transmission of transaction logs to the backup system periodically (every few hours). Minimizes loss of data and reduces recovery time. Note that any transactions written after the last transmission are lost, so the journaling interval is the bound on data loss.
• Mirrored Site: A site equipped with facilities identical to the original site, with system mirroring capability. Data is mirrored & backed up immediately. Transparent recovery with practically no data loss, but at the highest cost.
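The difference between remote journaling and mirroring in terms of data loss can be seen in a small simulation. The following Python is an added example, not code from the original slides: it models a primary site that writes every transaction to a hash-chained journal and ships that journal to a remote site either synchronously (mirroring) or every N writes (remote journaling), then simulates loss of the primary and recovers from whatever reached the remote. The account-transfer workload, the class and function names and the chain check are all constructed for illustration; the integrity check is included because a practitioner should verify a shipped journal before restoring from it.

```python
"""Added example (not from the original slides): data loss at a remote site
under synchronous mirroring versus periodic remote journaling.
All names and the sample transactions are constructed for illustration."""
import hashlib
import json
from typing import Dict, List, Optional


class Journal:
    """Append-only, hash-chained transaction log.

    Each entry records the previous entry's digest so a replica can detect
    a truncated, reordered or tampered journal before replaying it.
    """

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, op: dict) -> dict:
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        body = json.dumps(op, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        entry = {"seq": len(self.entries), "op": op, "prev": prev, "digest": digest}
        self.entries.append(entry)
        return entry


def verify_chain(entries: List[dict]) -> bool:
    """Return True if the entries form an unbroken hash chain from genesis."""
    prev = "0" * 64
    for i, e in enumerate(entries):
        body = json.dumps(e["op"], sort_keys=True)
        if e["seq"] != i or e["prev"] != prev:
            return False
        if hashlib.sha256((prev + body).encode()).hexdigest() != e["digest"]:
            return False
        prev = e["digest"]
    return True


def replay(entries: List[dict]) -> Dict[str, int]:
    """Rebuild account balances from journal entries (constructed ops)."""
    state: Dict[str, int] = {}
    for e in entries:
        op = e["op"]
        state[op["acct"]] = state.get(op["acct"], 0) + op["delta"]
    return state


class Site:
    """Primary site that journals every write and ships the journal to a
    remote site either synchronously (interval=None, i.e. mirroring) or
    after every `interval` writes (remote journaling)."""

    def __init__(self, interval: Optional[int]) -> None:
        self.interval = interval
        self.journal = Journal()
        self.shipped: List[dict] = []  # what the remote site has received

    def write(self, acct: str, delta: int) -> None:
        self.journal.append({"acct": acct, "delta": delta})
        n = len(self.journal.entries)
        if self.interval is None or n % self.interval == 0:
            self.shipped = list(self.journal.entries)  # ship everything so far


def recover_at_remote(site: Site) -> dict:
    """Simulate loss of the primary: replay only what reached the remote,
    after checking the shipped journal's integrity."""
    if not verify_chain(site.shipped):
        raise ValueError("remote journal failed integrity check; do not restore")
    lost = len(site.journal.entries) - len(site.shipped)
    return {"state": replay(site.shipped), "lost_transactions": lost}


# Constructed workload: 7 transfers, then the primary site is destroyed.
WORKLOAD = [("alice", 100), ("bob", 50), ("alice", -30), ("carol", 70),
            ("bob", -20), ("carol", 5), ("alice", 10)]


def run(interval: Optional[int]) -> dict:
    """Apply WORKLOAD to a site with the given shipping interval and recover."""
    site = Site(interval)
    for acct, delta in WORKLOAD:
        site.write(acct, delta)
    return recover_at_remote(site)


def tampered_journal_is_rejected() -> bool:
    """Alter one shipped entry in place and confirm the chain check fails."""
    site = Site(3)
    for acct, delta in WORKLOAD:
        site.write(acct, delta)
    site.shipped[1]["op"]["delta"] = 999  # simulated tampering in transit
    return not verify_chain(site.shipped)


if __name__ == "__main__":
    print("mirrored   :", run(None))   # nothing lost
    print("journal(3) :", run(3))      # writes after the last shipment are lost
    print("tamper detected:", tampered_journal_is_rejected())
```

With mirroring every transaction is present at the remote; with a shipping interval of 3 the seventh transfer never left the primary and is gone, which is exactly the "minimizes (but does not eliminate) loss of data" trade-off of remote journaling.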
Business Continuity Plan

Implementation cost versus recovery time (the chart from the original slide, reconstructed as a table):

  Strategy                    Implementation cost   Recovery time
  Mirrored Site               highest               shortest
  Remote Journaling           high                  short
  Hot Site                    medium                medium
  Mutual Backup & Warm Site   low                   long
  Cold Site                   lowest                longest

Each step up the table buys a shorter recovery time at a higher implementation cost.
High Availability Solutions
• RAID: Local disk redundancy. Data (or parity) is spread over several disks so that the loss of one disk does not lose data or halt service.
• Fault-Tolerant Server: When the primary server fails, a backup server resumes service (failover).
• Distributed Processing: Distributes the load over multiple servers. If one server fails, the remaining server(s) attempt to carry the full load, so capacity must be planned with the failure case in mind.
• Storage Area Network (SAN): A dedicated disk network that supports remote backups, data sharing and data migration between different geographical locations.
These solutions protect against local component failures; they do not replace an offsite recovery site for a disaster that destroys the whole facility.
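To show what "local disk redundancy" means concretely, the following Python is an added example (not from the original slides) of single-parity, RAID-style reconstruction: one parity block per stripe is the XOR of the data blocks, so any one missing block can be rebuilt from the others, a second simultaneous failure cannot, and a scrub detects silent corruption. The stripe contents and function names are constructed.

```python
"""Added example (not from the original slides): single-parity redundancy
as used by RAID 5. The stripe contents are constructed for illustration."""
from typing import List, Optional


def parity(blocks: List[bytes]) -> bytes:
    """XOR of equal-length blocks, i.e. what is written to the parity disk."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        if len(b) != len(out):
            raise ValueError("stripe blocks must be equal length")
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def rebuild(stripe: List[Optional[bytes]]) -> List[bytes]:
    """Reconstruct the one missing block (None) of a stripe whose last
    element is the parity block. XOR of all survivors equals the lost block,
    whether it was a data block or the parity block itself. Single parity
    tolerates exactly one failure, so two missing blocks raise."""
    missing = [i for i, b in enumerate(stripe) if b is None]
    if len(missing) > 1:
        raise ValueError(f"{len(missing)} disks failed; single parity cannot rebuild")
    if not missing:
        return list(stripe)
    survivors = [b for b in stripe if b is not None]
    rebuilt = list(stripe)
    rebuilt[missing[0]] = parity(survivors)
    return rebuilt


def scrub(stripe: List[bytes]) -> bool:
    """Consistency check: data XOR parity must be all zero bytes."""
    return all(x == 0 for x in parity(stripe))


def double_failure_is_unrecoverable(stripe: List[Optional[bytes]]) -> bool:
    """True if rebuild() correctly refuses a stripe with two missing disks."""
    try:
        rebuild(stripe)
        return False
    except ValueError:
        return True


# Constructed stripe: three data blocks plus the parity block (last element).
DATA_BLOCKS = [b"cold", b"hot!", b"mirr"]
STRIPE = DATA_BLOCKS + [parity(DATA_BLOCKS)]


if __name__ == "__main__":
    one_lost = list(STRIPE)
    one_lost[1] = None                      # disk 1 fails
    print("rebuilt disk 1:", rebuild(one_lost)[1])   # b'hot!'
    two_lost = list(STRIPE)
    two_lost[0] = two_lost[2] = None        # two disks fail at once
    print("two failures refused:", double_failure_is_unrecoverable(two_lost))
    corrupt = list(STRIPE)
    corrupt[0] = b"cole"                    # silent bit rot on disk 0
    print("scrub passes:", scrub(corrupt))  # False
```

The scrub matters as much as the rebuild: parity only helps if it is known to be consistent before a disk is lost, which is why production arrays scrub on a schedule rather than discovering stale parity during a rebuild.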
Business Continuity Plan: Redundancy vs. Cost

• The right balance between BCP and cost can be achieved.
• How? (Hint: you already know the answer.) Through the business/risk analysis: rank systems by how much a given outage would cost the business, then choose, per system, the cheapest recovery strategy whose recovery time and data loss the business can tolerate.
DR & BC Providers
• Organizations can decide to use a facility delivered by a third-party BC provider.
• However, the following areas of concern should be considered:
• Floor space
• Redundant equipment
• Redundant network capacity
• Relationship with vendors to provide replacements or assistance
• Budgetary constraints
• Availability of skilled personnel
• Whether the provider's facility is shared with other customers who may need it at the same time (e.g. after a regional disaster)

Local DR & BC provider example: LankaCom.

Preparing the BC Plan: Phases
1. Project Initiation
BC objectives are defined and the scope is identified. A committee is appointed to draw up BC policies.
2. Business/Risk Analysis
Perform the risk analysis, consider alternative BC strategies, carry out a cost-benefit analysis, select the strategy and establish the budget.
3. Design & Development (Plan)
The BC team is identified and responsibilities are assigned. Develop the BC strategy, the action plan and the criteria for activating the plan.
4. Implementation (Plan)
Prepare disaster response & recovery procedures. Vendor contracts are prepared and recovery resources are purchased. Ensure that the recovery team is on alert.
5. Testing
Exercise scenarios periodically, produce BC reports and evaluate the results. An untested plan should be assumed not to work.
6. Maintenance
Review and constantly update/improve the BC plan as systems, staff and threats change.
Concerns for a BCP/DR Plan
• Evacuation plan: people's lives always take first priority
• Disaster declaration: who declares it, how, and on what criteria?
• Responsibility: who covers the necessary disaster recovery functions
• Procedures for disaster recovery
• Procedures for alternate-mode operation
• Resource allocation: during recovery & continued operation

* Copies of the plan should be kept off-site; a plan stored only on the systems it is meant to recover is unreachable when it is needed.

Legally Obligated
• In some organizations the business analysis is not the only factor that determines the BC strategy.
• They are legally obligated by regulators to provide certain levels of protection to client data.
• Organizations with a direct public interest (such as banks) have legal obligations to implement DR & BC strategies.
• http://www.slcert.gov.lk/ provides consultancy on DR & BC planning.
See also: Central Bank Guidelines for BC.
QUESTIONS ?
